Patch Manager is RunCloud’s built-in security patch management system. It helps you identify which of your servers are affected by known vulnerabilities and apply patches on your own schedule, with full visibility into what each patch does and per-server tracking of patch status.
With Patch Manager, you can:
- See exactly which servers need attention based on OS, web server type, architecture, and other criteria.
- Apply patches to selected servers in a few clicks.
- Track patch status in real time as each server progresses through the patch lifecycle.
- Maintain a full audit trail of every patch applied.
Patches are not applied automatically to ensure you maintain full control over your server environment. Automatic patching, especially for security vulnerabilities (CVEs), can sometimes force unexpected reboots and downtime. By requiring manual intervention, we ensure that you can choose the optimal time to apply updates, preventing service disruptions and keeping you in control of your server’s maintenance schedule.
Accessing Patch Manager
Patch Manager is available in both your Workspace Settings and Personal Space Settings.
- Navigate to Settings from the left sidebar (gear icon).
- Under your Workspace (or Personal Space) section, click Patch Manager.
You will see the Patches list, which displays all currently active patches available for your servers.
Only patches relevant to your servers will appear. If no patches are listed, none of your servers currently match any active patch criteria.
Investigating & Assessing the Patches
Click View Details on any patch to open the patch detail page. This page contains everything you need to know before applying the patch.
Different patches carry different levels of risk and urgency; reviewing these details helps you make informed decisions.
This page lets you identify affected servers, review patch details, and determine whether an update requires immediate installation or can be scheduled for a routine maintenance window.
Patch Information
The top of the page displays:
- Patch name: The name of the patch and its current status, such as “Reboot Required.”
- Release date: The date RunCloud released the patch.
- Description: Details of the vulnerability and what the patch does.
Affected Systems
This section lists the criteria used to match servers to this patch. Only servers that match all listed criteria will appear in the Servers section. Criteria may include:
- Web server type (e.g., NGINX, OpenLiteSpeed)
- OS version (e.g., Ubuntu 22.04, 20.04)
- Architecture (e.g., x86_64, Aarch64)
- Installation type (e.g., Containerized, Native)
- Database type (e.g., MySQL, MariaDB)
If you have servers that don’t appear in this patch, they don’t meet the criteria. This is intentional – you will only see servers that need patching.
Servers Section
The Servers panel shows:
- Summary counters: Total servers matching this patch, broken down by status (Not Applied, Pending, Completed).
- Search bar: Filter servers by name or IP.
- Per-server status badges: Each server shows its current patch status.
You can select individual servers by clicking the checkbox next to each row, or use Select All to select every matching server.
Applying a Patch
Once you have selected the server(s) you want to patch, click Apply Patch & Reboot (or Apply Patch if no reboot is required).
This will open a new confirmation modal where you can verify the number of servers you want to apply the patch to, then click Apply Patch to confirm or Cancel to go back.
In the event of a vulnerability, it is the user’s responsibility to select the servers they wish to patch, allowing you to manage any potential downtime according to your own needs.
Once you apply a patch, you can monitor each server’s progress on the patch detail page.
The deployment process runs in the background, and you can navigate away from the page or perform other tasks while the update is underway. Individual server statuses will continue to update, and the current progress will be displayed whenever you return to the page.
The summary counters will update as servers move through the following statuses:
| Status | Meaning |
|---|---|
| Not Applied | The patch has not yet been applied to this server. |
| Pending | The patch has been queued, but has not started executing. |
| In Progress | The patch is currently being applied to this server. |
| Completed | The patch was successfully applied. |
| Failed | The patch could not be applied (see troubleshooting below). |
| Rebooted | The patch was applied, and the server has been rebooted successfully. |
Frequently Asked Questions
Why don’t I see all my servers on a patch?
Patch Manager only shows servers that match the criteria defined for each patch (OS version, web server type, architecture, etc.). If a server doesn’t appear, it means it is not affected by that particular vulnerability. This filtering ensures you only see servers that genuinely need patching.
Can I schedule a patch for later?
Not at this time. Patches are applied immediately when you click Apply Patch. We recommend applying reboot-required patches during your scheduled maintenance windows.
What happens if a patch fails?
If a patch fails on a specific server, the status badge for that server will show “Failed.” The patch can be reapplied to that server. If the failure persists, contact RunCloud support for assistance.
Can I roll back a patch?
Patch rollback is not currently supported. If a patch causes issues on your server, contact RunCloud support immediately.
Do I need to reboot my server manually?
No. If a patch requires a reboot, the server will reboot automatically after the patch is applied. You do not need to trigger a reboot yourself.
Who can apply patches?
Any user with the Patch Manager permission in the Workspace or Personal Space can view and apply patches. Only RunCloud administrators can create and manage patches.